Hi Warren,

It's a good idea that the authority DNS be smart enough to predict or be configured to package all the information for a URL as a whole object (like a webpage). It will reduce the latency for the user.

As to the draft itself, there are two questions:

First, for the same transaction, the cost from using TCP may be more than the gain from the queries you save, which may ultimately let the performance become even worse. Do you have any consideration on this?

Second, the purpose of using TCP is to mitigate amplification attacks as you describe in the draft. I notice that there is a draft using DNS cookies to counter that problem. But it lacks incentive to deploy. For my concern, you can consider combining the two ideas to achieve a better result.

Glad to see more discussion on application and innovation of large packets which will lead us to break through the limitation of 512B :-)

Davey

-----Original Message-----
From: DNSOP [mailto:[email protected]] On Behalf Of Warren Kumari
Sent: January 12, 2015 4:52
To: dnsop
Subject: [DNSOP] Fwd: New Version Notification for draft-wkumari-dnsop-multiple-responses-00.txt

Hi all,

This document may contain much that makes folk grumpy.

It proposes allowing an authoritative nameserver to return additional information (surprisingly, in the Additional section), and have recursives trust it (because it is DNSSEC signed). This makes responses larger, and so we propose an, um, interesting mitigation to the DDoS concern... you'll have to read it to find out what :-P

W

---------- Forwarded message ----------
From: <[email protected]>
Date: Sun, Jan 11, 2015 at 3:47 PM
Subject: New Version Notification for draft-wkumari-dnsop-multiple-responses-00.txt
To: Wesley Hardaker <[email protected]>, Warren Kumari <[email protected]>, Zhiwei Yan <[email protected]>

A new version of I-D, draft-wkumari-dnsop-multiple-responses-00.txt has been successfully submitted by Warren Kumari and posted to the IETF repository.

Name: draft-wkumari-dnsop-multiple-responses
Revision: 00
Title: Returning multiple answers in a DNS response.
Document date: 2015-01-11
Group: Individual Submission
Pages: 8
URL: http://www.ietf.org/internet-drafts/draft-wkumari-dnsop-multiple-responses-00.txt
Status: https://datatracker.ietf.org/doc/draft-wkumari-dnsop-multiple-responses/
Htmlized: http://tools.ietf.org/html/draft-wkumari-dnsop-multiple-responses-00

Abstract:
This document (re)introduces the ability to provide multiple answers in a DNS response.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

--
I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
---maf

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
